I am wondering if anyone has a UBBCode to HTML conversion snippet they could share for the [IMG] tag that will sanitize the input to prevent XSS vulnerabilities such as adding script to the <img> tag. I am trying to prevent XSS like below and worse. I have a CF based forum I inherited and the UBB > HTML conversion for the [img] tag is simplistic and needs replacing. I would rather not reinvent the wheel if I don't have to, especially since this is a favor for someone. Any help is appreciated.

[img]http://www.uxb.net/images/small-logo.gif " onLoad="alert(String.fromCharCode(88,83,83))[/img]
[img]fake.png" onerror="alert(String.fromCharCode(88,83,83))[/img]

Dennis Powers
UXB Internet - A Website Design & Hosting Company
P.O. Box 6028
Wolcott, CT 06716
203-879-2844
http://www.uxbinternet.com
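
An added example, not part of the original post and not the forum's own code: a simplistic [img] conversion of the kind the post describes, next to an allowlist-based replacement written in CFML. The function names, the URL pattern (http/https, gif/jpg/jpeg/png only, no query string) and the assumption that this function is the step that HTML-escapes the raw post text are all choices made for this example.

```cfml
<cfscript>
// ASSUMED "before" version: anything between [img] and [/img] is copied
// into src, so a double quote in the post closes the attribute and lets
// the poster add onload/onerror handlers.
function ubbImgNaive(text) {
    return reReplaceNoCase(text, "\[img\](.*?)\[/img\]", '<img src="\1">', "all");
}

// Hardened version (example code).
// 1. HTML-escape the whole post, so any [img] block that is NOT converted
//    is displayed as inert text instead of markup.
// 2. Convert only [img] blocks whose body is a plain http(s) image URL.
//    The allowlist has no quote, space, angle bracket or colon after the
//    scheme/port, so the captured value cannot leave the src attribute
//    and cannot be a javascript: or data: URL.
function ubbImgSafe(text) {
    var imgUrl = "https?://[a-z0-9.-]+(:[0-9]{1,5})?(/[a-z0-9._~%/+-]*)?\.(gif|jpe?g|png)";
    var escaped = htmlEditFormat(text);
    return reReplaceNoCase(
        escaped,
        "\[img\](" & imgUrl & ")\[/img\]",
        '<img src="\1" alt="">',
        "all"
    );
}

// Sample input: one well-formed tag plus the first test string from the post.
sample = '[img]http://www.uxb.net/images/small-logo.gif[/img] '
       & '[img]http://www.uxb.net/images/small-logo.gif " onLoad="alert(String.fromCharCode(88,83,83))[/img]';

// The first tag becomes an <img>; the second fails the allowlist and is
// left as escaped literal text.
writeOutput(ubbImgSafe(sample));
</cfscript>
```

If the forum already escapes post text before UBB conversion, drop the htmlEditFormat call here to avoid double-escaping; the allowlist pattern is what keeps the src attribute closed.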
